National Industrial Security Systems (NISS)

The National Industrial Security System (NISS) is an initiative under the Defense Counterintelligence and Security Agency (DCSA) focused on protecting classified U.S. government information and critical technologies. It oversees approximately 10,000 cleared companies, 12,677 contractor facilities, and 5,700 classified systems within the National Industrial Security Program (NISP). By using advanced technologies, NISS aims to assess and mitigate risks related to contractors under Foreign Ownership, Control, or Influence (FOCI), ensuring secure management of classified contracts and systems.

NISS is being developed as a multi-level classification system to provide Department of Defense (DoD)-wide visibility into security-related data across networks such as the Non-classified Internet Protocol Router Network (NIPRNet), Secure Internet Protocol Router Network (SIPRNet), and Joint Worldwide Intelligence Communication System (JWICS). This system will enable near-real-time threat awareness and help identify non-compliance vulnerabilities. It is designed to enhance communication between field operations and headquarters where security oversight, counterintelligence, and cyber threats are addressed.

The program supports the Defense Security Enterprise (DSE) by providing visibility into risks at specific industrial sites and correlating FOCI concerns for large acquisition contracts. NISS will serve as a repository for pre-award FOCI analysis and documentation for DoD contracts in line with acquisition security reform efforts outlined in the FY 2020 National Defense Authorization Act. This initiative impacts over 100,000 companies within the Defense Industrial Base (DIB), promoting more secure decision-making regarding unclassified acquisitions, research, and grants.

In FY 2025, NISS plans to implement improvements such as cloud modernization and integration into the COS cloud environment. The development of Artificial Intelligence Machine Learning (AI/ML) capabilities will support analytic requirements by providing a comprehensive risk picture that includes threat, vulnerability, and impact assessments. Additionally, enhancements will offer enterprise views linking critical supply chain data to oversight activities. These efforts aim to modernize acquisition processes while ensuring the integrity of the industrial base through continuous entity vetting using a mix of open sources enhanced by classified intelligence.